* Jari Aalto <[EMAIL PROTECTED]>: > Package: shorewall > Version: 3.0.1-1 > Severity: important > > After upgrade to v4 shorewall I changed the zone file to (ipsecfile is > empty): > > #ZONE TYPE OPTIONS > > fw firewall > net ipv4 > loc ipv4 > > Which is assumed to be correect according to releasenotes.txt.gz > and http://www.shorewall.net/Documentation.htm#Zones > > ZONE Short name of the zone (5 Characters or less in > length). The names "all" and "none" are > reserved and may not be used as zone names. > > TYPE ipv4 - This is the standard Shorewall zone type and is > the default if the column is left empty or if > it is entered as "-". Communication with some > zone hosts may be encrypted. Encrypted hosts > are designated using the 'ipsec' option in > /etc/shorewall/hosts. > ipsec - Communication with all zone hosts is encrypted > Your kernel and iptables must include policy > match support. > firewall > - Designates the firewall itself. You must have > exactly one 'firewall' zone. No options are > permitted with a 'firewall' zone.
Try to unset the variable FW in your /etc/shorewall/shorewall.conf. Let me know whether it works or not. -- lorenzo -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
